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(54) Information devices w hitch select and use one out of a plurality of encryption utilization 
protocols for protecting copyrights of digital productions 



(57) A verifier and a claimant notify each other of 
verifier type information and claimant type information, 
respectively. The verifier determines a verifier method 
corresponding to a combination of the verifier type in- 
formation and the notified claimant type information, 
generates challenge data in accordance with the deter- 
mined verifier method, and transmits the challenge data 
to the claimant. On receiving the challenge data from 



the verifier, the claimant determines a claimant method 
corresponding to the combination of the claimant type 
information and the notified verifier type information. 
The claimant then performs claimant processing on the 
challenge data using the determined claimant method 
to obtain response data, and transmits the response da- 
ta to the verifier. On receiving the response data from 
the claimant, the verifier performs verifier processing on 
the response data using the determined verifier method. 
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Description 

BACKGROUND OF THE INVENTION 

1 .Field of the Invention 5 

The present invention relates to a plurality of infor- 
mation devices which are linked by a communication 
link in an encryption utilization communication system 
for protecting digital data transmitted on the communi- io 
cation link between the plurality of information devices. 

2. Description of the Prior Art 

It has become increasingly common that video pro- '5 
ductions such as movies are digitized and compressed. 
Such digitized and compressed video productions hard- 
ly suffer from picture degradation, so that users can al- 
ways enjoy video productions with high picture quality. 
While analog video productions which have been re- 20 
peatedly dubbed have profound loss in picture quality, 
digitized video productions which have been repeatedly 
dubbed have no picture degradation. 

In other words, digitized video productions are far 
more susceptible to copyright infringement acts, such 25 
as unauthorized production of dead copies and unau- 
thorized alteration, than analog video productions. 
When such dead copies or altered video productions are 
distributed, producers of the original digitized video pro- 
ductions will suffer tremendous damage. Because of 30 
this danger, the producers are cautious of having their 
video productions digitized. Accordingly, the issue con- 
cerning the digitization of video productions is whether 
such productions can be protected against copyright in- 
fringements. 35 

It should be noted that dead copies of a video pro- 
duction can be produced by connecting a video repro- 
duction device for reproducing a recording medium on 
which the video production is recorded and an informa- 
tion recording device for recording the reproduced video 40 
production onto a recording medium. On the other hand, 
unauthorized alteration of a video production can be 
performed by connecting a video reproduction device 
lor reproducing a recording medium on which the video 
production is recorded and a video editing device for 45 
temporarily storing the reproduced video production on- 
to a hard disc for later editing. 

In order to prevent such infringements, video repro- 
duction devices which reproduce video productions 
must prevent the video productions from being distrib- so 
uted to unauthorized devices, such as information re- 
cording devices or digital information copying devices. 
For this purpose, when a video reproduction device is 
linked to such a device via a communication link, it is 
necessary for the video reproduction device to verify the ss 
authenticity of the device. 

The most representative techniques used for veri- 
fying the authenticity of the device in communication are 



authentication methods. In these methods, a transmitter 
device verifies the authenticity of a receiver device, and 
only proceeds to transmit data to receiver devices that 
have been successfully verified, thereby preventing un- 
authorized devices from receiving the data. It should be 
noted here that since the receiver device needs to lay 
claim to its authenticity, it is generally referred to as the 
"claimant", while the transmitter device needs to verify 
the authenticity of the claimant, and so is referred to as 
the Verifier". 

Predetermined standards have been created lor 
use by devices related to the recording and reproduction 
of optical discs, in order to protect copyrights. Here, the 
issue is whether a device conforms to the predeter- 
mined standard. Accordingly, the "verification of the au- 
thenticity" described above is performed by "judging 
whether a device conforms to the predetermined stand- 
ard". 

An example of a conventional authentication tech- 
nique is a one-way authentication method using the en- 
cryption techniques taught by the I SO/I EC (International 
Organization for Standardization/International Electro- 
technical Commission) 9798-2 Standard. This authenti- 
cation method is based on the claimant having secret 
data called a claimant key which it uses to prove its au- 
thenticity to the verifier without transmitting the claimant 
key itself. In this setup, the verifier selects data and 
transmits this to the claimant. This process is called 
"challenge", in which the transmitted data (called "chal- 
lenge data") is set at 64 bits in accordance with the ISO/ 
IEC 979B-2 Standard. 

The claimant encrypts the challenge data using an 
encryption algorithm and the claimant key. Here, the en- 
cryption is such that even if an unauthorized third party 
obtains both the challenge data and the encryption re- 
sult, it will still be impossible to derive the claimant key 
from these values. The claimant transmits the encrypted 
data to the verifier as "response data". 

The verifier, which receives the response data, is 
provided with a decryption algorithm corresponding to 
the encryption algorithm and a verifier key, which it uses 
to decrypt the response data. The verifier then com- 
pares the decryption result with the challenge data. 
When these match, the verifier judges that the claimant 
is in possession of the valid claimant key, and so verifies 
the authenticity of the claimant. This one-way authenti- 
cation is completed at the point when one device proves 
its authenticity to the other device, though one-way au- 
thentication processing may be repeated by switching 
the verifier and the claimant so that each device can ver- 
ify the authenticity of the other device (this method is 
called "two-way authentication"). 

There are two encryption systems used for authen- 
tication methods: a secret key encryption system and a 
public key encryption system. In these encryption sys- 
tems, a key used for generating response data is re- 
ferred to as the "claimant key", while a key used for ver- 
ifying the authenticity of the response data is referred to 
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as the "verifier key". 

In the secret key encryption system a same key can 
be used as the claimant key and the verifier key. Accord- 
ingly; both the claimant key and the verifier key must be 
kept secret when using secret key encryption. 

In the public key encryption system, different keys 
are used as the claimant key and the verifier key. Ac- 
cordingly, white the claimant key should be kept secret, 
the verrfier key does not have to be kept secret (the key 
which should be kept secret is referred to as the "secret 
key", and the key which does not have to be kept secret 
is referred to as the "public key"). 

When performing the secret key encryption using 
computer software, the processing time can be reduced. 
Also, when performing the secret key encryption using 
hardware, the apparatus can be realized compactly. On 
the other hand, there is a drawback with the secret key 
encryption system in that not only the claimant key but 
the verifier key should be kept secret. When, for exam- 
ple, the claimant key is changed, it becomes necessary 
to change the verifier key, too. However, a verifier key 
corresponding to the new claimant key of the claimant 
cannot be transmitted to the verifier via the communica- 
tion link, since data on the communication link is in prin- 
ciple not secure against unauthorized copying and thus 
its secrecy is not fully protected. Accordingly, there is a 
difficulty in changing the claimant key of the claimant. 
Since all devices in the secret key encryption system 
have the same secret information (regardless of wheth- 
er it is nominally a claimant key or a verifier key), once 
this secret information leaks out, the secrecy ol the en- 
tire system breaks down. 

As tor the public key encryption system, it is widely 
known that extensive numerical calculations are re- 
quired to perform public key encryption. To perform the 
public key encryption using standard computer soltware 
requires great amounts of processing time. Also, in or- 
der to perform the public key encryption using special- 
ized hardware, the hardware needs to be of a large- 
scale. While the public key encryption system has these 
drawbacks, the system has an advantage in that the ver- 
ifier key used for verifying the authenticity of the re- 
sponse data does not have to be kept secret but can be 
made public in an authentication method in challenge- 
response format. Security of the authentication method 
using the public key encryption can be maintained even 
when the verifier key is known. When, for example, the 
claimant key is changed, a verifier key corresponding to 
the new claimant key can be transmitted from the claim- 
ant to the verifier via the communication link. Thus, the 
authentication method in challenge-response format us- 
ing the public key encryption system is more flexible 
than the authentication method in challenge-response 
format using the secret key encryption system, as it can 
change the claimant key without affecting the security 
of the entire system (due to the reasons described 
above, authentication methods which use both secret 
and public keys can be regarded as more secure than 



authentication methods which use only secret keys). 

There is a range of choices concerning authentica- 
tion methods using the public key encryption system. 
For example, there is an inverse relation in the authen- 

s tication methods between security and processing 
speed (when using computer software) or hardware 
scale (when using specialized hardware). 

Thus, there are an increasing number of verifier 
methods and claimant methods to choose from, includ- 

io ing public key encryption utilization methods and secret 
key encryption utilization methods. As a result, when de- 
veloping new products related to the recording and re- 
production of video productions, it is possible to imple- 
ment optimum verifier and claimant methods lor the 

is hardware scale and processing speed ol the new prod- 
ucts. 

While it is desirable for producers who intend to de- 
velop new products to have a wide variety of verifier and 
claimant methods to choose from, there is also a danger 

20 of authentication failure when certain types of verifiers 
are connected with certain types of claimants. For in- 
stance, when authentication is performed between a 
verifier which has a verifier method using the public key 
encryption and a claimant which has a claimant method 

25 using the secret key encryption, two devices cannot per- 
form the authentication properly. Also, when the verifier 
and the claimant both perform authentication using the 
secret key encryption but with different versions of the 
software or hardware, each device cannot verify the au- 

30 thenticity of the other device. 

In order to avoid such inconsistencies, producers 
need to develop verifiers and claimants which are capa- 
ble of executing as large a number of versions of au- 
thentication protocols in challenge-response format as 

35 possible. For example, a verifier can be provided with 
hardware for a first verifier method using the public key 
encryption system and hardware for a second verifier 
method using the secret key encryption system. When 
a claimant has only a second claimant method using the 

40 secret key encryption system, both devices can perform 
authentication successfully. 

However, when both the verifier and the claimant 
are capable of executing a plurality of verifier and claim- 
ant methods respectively, a less secure verifier/claimant 

45 method may be automatically selected by the verifier 
and the claimant, so that a more secure verifier/claimant 
method which is possessed by both devices may not be 
utilized. For instance, when the claimant is provided with 
a first claimant method using the public key encryption 

so and the second claimant method using the secret key 
encryption, the verifier and the claimant may choose the 
less secure second verifier/claimant method using the 
secret key encryption to perform authentication. As a re- 
sult, the more secure first verifier/claimant method using 

55 the public key encryption may not be utilized. 

The above explanation has focused on authentica- 
tion techniques, although the p roblems stated above are 
not limited to such. When there are a plurality of choices 
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of encryption utilization protocols for protecting the cop- 
yrights and secrecy of video productions which are to 
be transmitted between a plurality of devices, the trans- 
mitter device and the receiver device may use different 
versions of an encryption utilization protocol. As a result, 
the receiver device may fail to decrypt the video produc- 
tions which have been encrypted by the transmitter de- 
vice. Also, the transmitter device may use an encryption 
utilization protocol which the receiver device does not 
possess to encrypt the video productions and transmits 
them to the receiver device, which as a result cannot 
decrypt the encrypted video productions. 

Thus, the danger of "n on -communicative state \ 
caused by having a plurality of choices of encryption uti- 
lization protocols, is not limited to the authentication 
techniques, but concerns every communication system 
which has a plurality of choices of encryption utilization 
protocols. 

SUMMARY OF THE INVENTION 

It is an object of the present invention to provide a 
communication system for effectively selecting and us- 
ing an encryption utilization protocol from a plurality of 
choices of encryption utilization protocols. 

The above object can be fulfilled by a communica- 
tion system where a plurality of information devices that 
are capable of executing a plurality of encryption utiliza- 
tion protocols communicate with each other, wherein 
each information device includes: a notification unit for 
transmitting type information showing a device type of 
a present information device, that represents at least 
one encryption utilization protocol that can be executed 
by the present information device out of the plurality of 
encryption utilization protocols, to another information 
device in the communication system with which commu- 
nication is to be performed; a determining unit for deter- 
mining which encryption utilization protocol is to be used 
in the communication, from a combination of the type 
information of the present information device and type 
information received from the other information device 
with which the communication is to be performed; and 
a communication unit, equipped with at least one proto- 
col correspondence communication unit that each per- 
forms communication using a corresponding encryption 
utilization protocol out of the encryption utilization pro- 
tocols that are represented by the device type shown by 
the type information of the present information device, 
for having one of the protocol correspondence commu- 
nication units perform the communication with the other 
information device using the encryption utilization pro- 
tocol determined by the determining unit. 

With the stated construction, when performing com- 
munication, each information device selects the encryp- 
tion utilization protocol to be used in accordance with 
the combination of its own type information and the type 
information of the other information device. As a result, 
even when information devices have different capabili- 



ties of executing encryption utilization protocols be- 
cause of differences in processing capability and hard- 
ware scale, each information device can still perform 
communication successfully. 

5 For instance, when there is a huge gap in the capa- 
bilities of executing encryption utilization protocols be- 
tween a first information device which can execute a plu- 
rality of encryption utilization protocols and a second in- 
formation device which can execute only one encryption 

10 utilization protocol, the determining unit of the first infor- 
mation device determines the encryption utilization pro- 
tocol which can be executed by the second information 
device out of the plurality of encryption utilization proto- 
cols. Accordingly, regardless of the difference in the ca- 

is pabilities of executing encryption utilization protocols 
between two information devices, communication can 
be successfully performed. As a result, the "non-com- 
municative state" caused by the difference in the capa- 
bilities of executing encryption utilization protocols can 

20 be prevented. 

Here, the communication system may include n dif- 
ferent device types, n being at least two, wherein the 
determining unit of each information device includes: a 
table storage unit for storing at least one table where 

2S each combination of two device types selected from the 
n different device types is associated with protocol cor- 
respondence information that shows which of the plu- 
rality of encryption utilization protocols should be used 
for the combination; a type information storage unit tor 

30 storing the type information showing the device type of 
the present information device out of the n different de- 
vice types; and a determination unit for determining, on 
being informed of the type information of the other infor- 
mation device with which the communication is to be 

35 performed, an encryption utilization protocol shown by 
protocol correspondence information that is associated 
in the table stored in the table storage unit to the com- 
bination of the type information of the other information 
device and the type information of the present informa- 

40 tion device as the encryption utilization protocol which 
is to be used in the communication, and wherein the 
communication unit has a protocol correspondence 
communication unit that corresponds to the encryption 
utilization protocol determined by the determination unit 

45 perform the communication using the determined en- 
cryption utilization protocol. 

With the stated construction, when a first informa- 
tion device and a second information device have capa- 
bilities of executing a plurality of encryption utilization 

so protocols, an optimum encryption utilization protocol tor 
the combination ol type information of the first and sec- 
ond information devices, out of the plurality of encryption 
utilization protocols, is shown in a table. Accordingly, the 
first and second information devices can use the opti- 
cs mum encryption utilization protocol shown in the table 
to perform communication. As a result, an optimum en- 
cryption utilization protocol for a combination of any two 
information devices can be used with reference to the 
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table. 

Here, the plurality ol encryption utilization protocols 
may be a plurality of authentication protocols, wherein 
each protocol correspondence communication unit in 
one of the plurality of information devices in the commu- s 
nication system includes: an authentication unit lor hav- 
ing another information device in the communication 
system with which communication is to be performed 
make an attempt to prove that the other information de- 
vice is authentic using an authentication protocol deter- io 
mined by the determination unit, and for judging from 
the attempt whether the other information device is au- 
thentic; and a transmission unit for transmitting data that 
is subject to protection to the other information device 
only when the authentication unit has judged that the is 
other information device is authentic. 

With the stated construction, when a first informa- 
tion device is a transmitter of data, such as digitized vid- 
eo productions, which should be protected against un- 
authorized acts by unauthorized devices, and when the 
first information device needs to verify the authenticity 
of a second information device, the first information de- 
vice proceeds to transmit the data only after verifying 
the authenticity of the second information device. As a 
result, unauthorized acts such as copyright infringe- 
ments can be prevented. 

Here, the table storage unit in each information de- 
vice may store a plurality of different tables in which 
each combination of two device types selected from the 
n different device types is associated with protocol cor- 
respondence information that shows which of the plu- 
rality ol authentication protocols should be used for the 
combination, wherein a first table out of the plurality of 
different tables stores protocol correspondence infor- 
mation that shows a most secure authentication proto- 
col that should be used for each combination of two de- 
vice types selected from the n different device types, 
wherein a second table out of the plurality of different 
tables stores protocol correspondence information that 
shows an authentication protocol with a highest 
processing speed that should be used for each combi- 
nation of two device types selected from the n different 
device types, wherein the determining unit in the infor- 
mation device further includes a selection unit for select- 
ing one out of the plurality of different tables stored in 
the table storage unit with consideration to which of high 
security and fast processing is desired for the commu- 
nication to be performed and for informing the other in- 
formation device of the selected table, and wherein the 
determination unit in each information device deter- 
mines the authentication protocol to be used in the com- 
munication from the table selected by the selection unit 
out of the plurality of different tables stored in the table 
storage unit. 

With the stated construction, when a first informa- 
tion device and a second information device are capable 
of executing a plurality of authentication protocols, a 
most secure authentication protocol and an authentica- 



tion protocol with a highest processing speed, out of the 
plurality of authentication protocols, are shown in the ta- 
bles corresponding to the combination of the type infor- 
mation of the first and second information devices. Ac- 
cordingly, the first and second information devices can 
use either the most secure authentication protocol or the 
authentication protocol with the highest processing 
speed to perform communication. As a result, an opti- 
mum authentication protocol for a combination of any 
two information devices can be used with reference to 
the tables. 

Here, the plurality of authentication protocols may 
include a plurality of authentication protocols in chal- 
lenge-response format, wherein the plurality of authen- 
tication protocols in challenge-response format include 
authentication protocols in challenge-response format 
that use public key encryption and authentication proto- 
cols in challenge-response format that use secret key 
encryption, wherein the protocol correspondence infor- 
mation in the first table shows the authentication proto- 
cols in challenge-response format that use the public 
key encryption as most secure authentication protocols 
in challenge-response format, wherein the protocol cor- 
respondence information in the second table shows the 
authentication protocols in challenge-response format 
that use the secret key encryption as authentication pro- 
tocols in challenge-response format with the highest 
processing speed, and wherein the communication unit 
in each information device is equipped with protocol cor- 
respondence communication units which perform com- 
munication based on the authentication protocols in 
challenge-response format that use the public key en- 
cryption and protocot correspondence communication 
units which perform communication based on the au- 
thentication protocols in challenge-response format that 
use the secret key encryption. 

With the stated construction, for all information de- 
vices which are equipped with large-scale hardware or 
software for executing the authentication protocols in 
challenge-response format using the public key encryp- 
tion, the capability of executing the authentication pro- 
tocols in challenge-response format that use the public 
key encryption is shown in the tables. As a result, when 
both a first information device and a second information 
device can execute the authentication protocols in chal- 
lenge-response format that use the public key encryp- 
tion, utilization of the hardware or software for executing 
the authentication protocols in challenge-response for- 
mat that use the public key encryption can be maxi- 
mized. 

BRIEF DESCRIPTION OF THE DRAWINGS 

These and other objects, advantages and features 
of the invention will become apparent from the following 
description thereof taken in conjunction with the accom- 
panying drawings that illustrate a specific embodiment 
of the invention. In the drawings: 
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Fig. 1 shows the connection between a verifier and 
a claimant; 

Fig. 2 shows how a plurality of verifiers can be freely 
connected to a plurality of claimants; 
Fig. 3A shows the type codes present in the authen- s 
tication system shown in Fig. 2; 
Fig. 3B shows which of the type codes shown in Fig. 
3A are possessed by the verifiers 101-103 and 
claimants 104-106 shown in Fig. 2; 
Figs. 4A, 4B, and AC show the processing of these m> 
public key encryption utilization algorithms and se- 
cret key encryption utilization algorithms; 
Fig. 5 shows the configuration of the device authen- 
tication system of the present embodiment; 
Fig. 6 shows an example of a security priority table is 
stored in the verifier/claimant method table storage 
unit 1 3; 

Fig. 7 shows an example of a speed priority table 
stored in the verifier/claimant method table storage 
unit 1 3; 20 
Fig. 8 is a flowchart showing the processing of con- 
trol programs performed by the verifier control unit 
14 and the claimant control unit 33; and 
Fig. 9 is a flowchart showing the processing of the 
control programs performed by the verifier control 25 
unit 14 and the claimant control unit 33. 

DESCRIPTION OF THE PREFERRED EMBODIMENT 

The following is an explanation of an authentication 30 
system of the embodiment of the present invention. This 
authentication system includes two information devices: 
a verifier and a claimant. In this authentication system, 
a reception device for receiving video productions trans- 
mitted via digital satellite broadcasting is used as an ex- 35 
ample of the verifier. A video disc recorder for recording 
the video productions onto a video recording DVD-RAM 
(Digital Versatile Disc - Random Access Memory) opti- 
cal disc is used as an example of the claimant. An AV 
bus, that conforms to predetermined bus standards and 
is capable of high-speed transmission of stream data 
specified in MPEG (Moving Picture Expert Group) 
Standard, is used as an example of a communication 
link which links the verifier and the claimant. A personal 
computer which has video editing functions is used as 
an example of an unauthorized device. 

Fig. 1 shows the connection between the verifier 
and the claimant in the authentication system. 

It is authorized to link a verifier 101 and a claimant 
104 via an AV bus 107, while to link the verifier 101 and 
a personal computer 1 08 is an act which may lead to a 
copyright infringement (hereinafter, "unauthorized act*). 
Since video editing software has been installed in the 
personal computer 108, once a video production trans- 
mitted via the digital satellite broadcasting is distributed 
to the personal compute r 1 0B, the video editing software 
of the personal computer 1 08 may be used to perform 
unauthorized alteration of the video production. 



Fig. 2 shows how a plurality of verifiers can be freely 
connected to a plurality of claimants. 

It is authorized to link any of verifiers 101-103 and 
any of claimants 104-106 via the AV bus 107, while it is 
unauthorized to link any of the verifiers 1 01 -1 03 and the 
personal computer 108. In order to prevent the video 
production from being distributed to the personal com- 
puter 108, the verifiers 101-103 verifies the authenticity 
of the device to which they are connected via the AV bus 
107. 

The verifier 101 is a host reception device devel- 
oped by a producer A, and is provided with the public 
key encryption utilization algorithms Public_ver. 2.6 and 
Public_ver. 1 .3, and the secret key encryption utilization 
algorithms Secret ver. 2.0, Secret_yer. 1.3, and 
Secret_ver. 1.0. Thus, the verifier 101 is capable of ver- 
ifying the authenticity of various types of video recording 
devices. Among these algorithms, the public key en- 
cryption utilization algorithm Public_ver. 2.6 is the most 
secure, though it requires elaborate hardware. 

The verifier 102 is a standard reception device de- 
veloped by the producer A, and is provided with the pub- 
lic key encryption utilization algorithm Public_ver. 1.3 
and the secret key encryption utilization algorithms 
Secret_ver. 2.0, Secret_ver. 1.3, and Secret_ver. 1.0, 
though it does not possess the most secure public key 
encryption utilization algorithm Public_ver. 2.6. 

The verifier 1 03 is a low-cost reception device de- 
veloped by the producer A. To simplify its hardware, it 
only has reduced compatibility with claimants. The ver- 
ifier 103 is provided with the secret key encryption utili- 
zation algorithms Secret_ver. 2.0 and Secret_ver. 1.3, 
and it does not have the public key encryption utilization 
algorithms which are more secure. 

The claimant 104 is a host video recording device 
developed by the producer A, and is provided with the 
public key encryption utilization algorithms Public_ver. 
2.6 and Public_ver. 1.3, and the secret key encryption 
utilization algorithms Secret_ver. 2.0 and Secret_ver. 
1 .3. Thus, the claimant 104 is capable of proving its au- 
thenticity to various types of reception devices. 

The claimant 105 is a standard video recording de- 
vice developed by the producer A, and is provided with 
the public key encryption utilization algorithm 
Public_ver. 1 .3 and the secret key encryption utilization 
algorithm Secret_ver. 2.0, though it does not possess 
the most secure public key encryption utilization algo- 
rithm Public_ver. 2.6. Thus, the claimant 105 does not 
have a wide range of choices of authentication proto- 
cols. 

The claimant 106 is a portable video recording de- 
vice developed by the producer A. To simplify its hard- 
ware, it is only provided with the secret key encryption 
utilization algorithm Secret_ver. 1.3, so that the claimant 
106 has very poor compatibility with verifiers. 

As described above, there are differences in the ca- 
pability of executing authentication protocols in chal- 
lenge-response format among the verifiers 1 01 -1 03 and 
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the claimants 104-106 shown in Fig. 2. Each ol these 
devices is assigned a type code which shows the exe- 
cutable types of encryption utilization authentication 
protocols in challenge-response format. 

Fig. 3A shows the type codes present in the authen- 
tication system in Fig. 2. 

In Fig. 3A, there are three device types in the au- 
thentication system: a type provided with the public key 
encryption utilization algorithms Public_ver. 2.6 and 
Public_ver. 1 .3, and the secret key encryption utilization 
algorithms Secretjver. 2.0, Secret_ver. 1.3, and 
Secret_ver. 1 .0 (Type 1 ); a type provided with the public 
key encryption utilization algorithm Public_ver. 1.3 and 
the secret key encryption utilization algorithms 
Secret„ver. 2.0, Secret_ver. 1.3, and Secret_ver. 1.0 
(Type 2); and a type provided with the secret key en- 
cryption utilization algorithms Secret_ver. 2.0 and 
Secret_ver. 1 .3 (Type 3). 

Fig. 3B shows which type code out of the type codes 
shown in Fig. 3A is attached to the verifiers 1 01 -1 03 and 
claimants 104-106 shown in Fig. 2. 

The following is an explanation of the processing of 
the public key encryption utilization algorithms and the 
secret key encryption utilization algorithms with refer- 
ence to Figs. 4A to 4C. 

Fig. 4A shows the processing of the secret key en- 
cryption utilization algorithms Secret_ver. 1.3 and 
Secret_ver. 1.0. 

In Secret_ver. 1 .0 and 1 .3, 1he verifier generates a 
64-bit random number R and encrypts this using a se- 
cret verifier key K1 , before transmitting the encryption 
result E(K1, Ft) to the claimant as challenge data CHA. 
On receiving the challenge data CHA, the claimant de- 
crypts it using a secret claimant key K1, and transmits 
the decryption result D(K1, CHA) to the verifier as re- 
sponse data RES. On receiving the response data RES, 
the verifier compares it with the random number R. 
When these match, the verifier judges that the claimant 
is in possession ol the valid claimant key and so verifies 
the authenticity of the claimant. 

Fig. 4B shows the processing of the secret key en- 
cryption utilization algorithm Secret_ver. 2.0. 

In Secretjver. 2.0, the verifier generates a 64-bit 
random number R and transmits this to the claimant as 
challenge data CHA. On receiving the challenge data 
CHA, the claimant encrypts it using a secret claimant 
key K1 , and transmits the encryption result E(K1 , CHA) 
to the verifier as response data RES. On receiving the 
response data RES, the verifier decrypts it using a se- 
cret verifier key K1 , and compares the decryption result 
D(K1 , RES) with the challenge data CHA. When these 
match, the verifier judges that the claimant is in posses- 
sion of the valid claimant key and so verifies the authen- 
ticity of the claimant. 

Fig. 4C shows the processing of the public key en- 
cryption utilization algorithms Public_ver. 1.3 and 
Public_ver. 2.6. 

In Public ver. 1.3 and 2.6, the verifier generates a 



160-bit random number R and transmits this to the 
claimant as challenge data CHA. On receiving the chal- 
lenge data CHA, the claimant encrypts it using a secret 
claimant key K1, and transmits the encryption result E 

s (K1 , CHA) to the verifier as response data RES. On re- 
ceiving the response data RES, the verifier decrypts it 
using a public verifier key K2, and compares the decryp- 
tion result D(K2, RES) with the challenge data CHA. 
When these match, the verifier judges that the claimant 

io is in possession of the valid claimant key and so verifies 
the authenticity of the claimant. 

Fig. 5 shows the configurations of the verifier 101 
and the claimant 104. First, the configuration of the ver- 
ifier 101 is explained below with reference to the figure. 

1S 

Verifier 101 

As shown in Fig. 5, the verifier 101 includes a veri- 
fier type information storage unit 4, a group of verifier 
20 modules 8, a verifier AV interface 11 , a verifier method 
selection unit 12, a verifier/claimant method table stor- 
age unit 13, a verifier control unit 14, a CS tuner 41, a 
TS decoder 42, and an AV decoder 43. 

The verifier type information storage unit 4 is non- 
25 volatile memory which stores a type code. The verifier 
101, provided with the public key encryption utilization 
algorithms Public_ver. 2.6 and Public_ver. 1.3, and the 
secret key encryption utilization algorithms Secret_ver. 
2.0, Secret_ver. 1.3 and Secret_ver. 1.0, belongs to 
30 Type 1 as shown in Figs. 3A and 3B. Accordingly, Type 
1 is stored in the verifier type information storage unit 4 
of the verifier 101. 

The group of verifier modules B is composed of the 
executable verifier modules for the verifier 101 , includ- 
es ing Public_ver. 2.6, Public_ver. 1.3, Secret_ver. 2.0, 
Secretjver. 1.3, and Secret_ver. 1.0 shown in Fig. 3A. 

The verifier modules Public_ver. 2.6 and 
Public_ver. 1.3 are each composed of flash memory 
which stores a public verifier key K2 and hardware which 
40 includes logic gates for executing the public key encryp- 
tion utilization algorithm. It should be noted that the pub- 
lic verifier key K2 of each of the verifier modules 
Public_ver. 2.6 and Public_ver. 1 .3 is changeable, since 
it is stored in the flash memory. 
45 The verifier modules Secret_ver. 2.0, Secret_ver, 
1 .3, and Secret_ver. 1.0 are each composed ol nonvol- 
atile memory which stores a secret verifier key K1 and 
hardware which includes logic gates for executing the 
secret key encryption utilization algorithm. 
so The verifier/claimant method table storage unit 13 
stores a plurality of tables which show executable au- 
thentication protocols in challenge-response lormat cor- 
responding to various combinations of verifier type in- 
formation and claimant type information. The plurality of 
55 tables include tables such as a security priority table and 
a speed priority table. 

Fig. 6 shows an example ol the security priority ta- 
ble stored in the verifier/claimant method table storage 
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unit 13. According 1o the figure, the public key encryption 
utilization algorithm Public_ver. 2.6 is associated with 
the combination of the verifier Type 1 and the claimant 
Type 4. while the public key encryption utilization algo- 
rithm Public_ver. 1.3 is associated with the combination 
of the verifier Type 1 and the claimant Type 5. As men- 
tioned above, the verifier 101 is in possession of authen- 
tication algorithms for a plurality of authentication pro- 
tocols in challenge-response format. The security prior- 
ity table shows the authentication algorithm for the most 
secure authentication protocol out ol the plurality of au- 
thentication protocols in challenge-response format. 

Fig. 7 shows an example of the speed priority table 
stored in the verifier/claimant method table storage unit 
1 3. According to the figure, the secret key encryption 
utilization algorithm Secret_ver. 2.0 is associated with 
the combination of the verifier Type 1 and the claimant 
Type 4, while the secret key encryption utilization algo- 
rithm Secret_ver. 2.0 is also associated with the combi- 
nation of verifier Type 1 and claimant Type 5. Thus, the 
speed priority table shows the authentication algorithm 
for the authentication protocol of the highest processing 
speed, out of the plurality of authentication protocols in 
challenge-response format. 

The verifiers 102-103 and the claimants 104-106 
are each equipped with the same verifier/claimant meth- 
od table storage unit 13 as the verifier 101 (as shown 
by the verifier/claimant method table storage unit 1 3 in 
the claimant 104). Common serial numbers are given to 
the plurality of tables in each verifier/claimant method 
table storage unit 13 of the verifiers 101-103 and claim- 
ants 104-106, so that on starting authentication 
processing, the verifier and the claimant can notify each 
other of the number of a table to be used. 

(t should be noted that in the present embodiment, 
whether a device is capable of executing one version of 
an authentication protocol in challenge-response format 
depends on whether the device is provided with an au- 
thentication module for that protocol version. However, 
when an authentication module for a particular version 
of an authentication protocol in challenge-response for- 
mat is compatible with other versions of the same au- 
thentication protocol, all executable versions of the au- 
thentication protocol in each authentication module 
should be taken into account in making the tables in the 
verifier/claimant method table storage unit 13. 

When the verifier AV interface 11 receives type in- 
formation of the claimant 104 via the AV bus 107, the 
verifier method selection unit 12 refers to the combina- 
tion of the received claimant type information and the 
verifier type information stored in the verifier type infor- 
mation storage unit 4 to select one verifier algorithm in 
a table of the specified number among the plurality of 
tables stored in the verifier/claimant method table stor- 
age unit 13. When there is a verifier algorithm corre- 
sponding to the combination of the verifier type and the 
claimant type, the verifier method selection unit 12 re- 
trieves the name of that verifier algorithm, and activates 



a verifier module corresponding to the retrieved verifier 
algorithm, out of the plurality of verifier modules in the 
group of verifier modules 8. 

When the verifier 101 receives claimant type inlor- 

5 mation of Type 4, the verifier method selection unit 12 
selects the public key encryption utilization algorithm 
Pubtic_ver. 2.6 according to the combination of Type 1 
(type of the verifier 101) and Type 4 from the security 
priority table as the optimum verifier algorithm. 

w On the other hand, when the verifier 101 receives 
claimant type information of Type 5, the verifier method 
selection unit 12 selects the public key encryption utili- 
zation algorithm Public_ver. 1.3 according to the com- 
bination of Type 1 and Type 5 from the security priority 

'5 table as the optimum verifier algorithm. 

The CS tuner 41 demodulates carrier waves which 
have been transmitted to a CS antenna Irom a digital 
satellite broadcast station, obtains transport packets 
specified in MPEG Stream Standard, and outputs them 

20 to the TS decoder 42. 

The TS decoder 42 converts the transport packets 
output from the CS tuner 41 into elementary streams 
specified in the MPEG Standard. 

The AV decoder 43 decodes the elementary 

25 streams output from the TS decoder 42 into AV signals. 
The verifier AV interface 11 transmits the MPEG 
streams output from the TS decoder 42 to the claimant 
104 via the AV bus 107, only when the verifier 101 has 
verified the authenticity of the claimant 1 04 using one of 

30 the verifier modules in the group of verifier modules 8. 
When the verifier 101 cannot verify the authenticity of 
the claimant 1 04, the MPEG streams output from the TS 
decoder 42 are not transmitted to the claimant 104 via 
the AVbus 107. 

35 

Claimant 104 

The following is an explanation of the configuration 
of the claimant 104. The claimant 104 includes a claim- 
40 ant type information storage unit 24, a group of claimant 
modules 28, a verifier/claimant method table storage 
unit 13, a claimant AV interface 31, a claimant method 
selection unit 32, a claimant control unit 33, an AV de- 
coder 44, a signal processing unit 45, and a drive system 

45 46. 

The claimant type information storage unit 24 stores 
claimant type information lor the claimant 104 showing 
the capability of executing authentication protocols in 
challenge-response format. According to Figs. 3A and 

so 3B, there are three device types in the authentication 
system in addition to Types 1 to 3 mentioned above: a 
type, such as the claimant 1 04, provided with the public 
key encryption utilization algorithms Public_ver. 2.6 and 
Public_ver. 1 .3, and the secret key encryption utilization 

55 algorithms Secret_ver. 2.0 and Secret_ver. 1 .3 (Type 4); 
a type, such as the claimant 1 05, provided with the pub- 
lic key encryption utilization algorithm Pubtic_ver. 1.3 
and the secret key encryption utilization algorithm 



8 



15 



EP 0 862 293 A2 



16 



Secret_ver. 2.0 (Type 5); and a type, such as the claim- 
ant 106, provided with the secret key encryption utiliza- 
tion algorithm Secret_ver. 1 .3 (Type 6). As the claimant 
104 belongs to Type 4, the claimant type inlormation 
storage unit 24 in the claimant 104 stores Type 4. 

The group of claimant modules 28 is composed of 
the executable claimant modules for the claimant 104, 
including Public_ver. 2.6, Public_ver. 1.3, Secret_ver. 
2.0, and Secret_ver. 1 .3, as shown in Fig. 3A. The claim- 
ant modules Public_ver. 2.6 and Public_ver. 1.3 are 
each composed of a memory unit which stores a secret 
claimant key K1 and hardware which includes logic 
gates for executing the public key encryption utilization 
algorithm. The claimant modules Secret_ver. 2.0 and 
Secret_ver. 1.3 are each composed of a memory unit 
which stores a secret claimant key K1 and hardware 
which includes logic gates for executing the secret key 
encryption utilization algorithm. 

The claimant method selection unit 32 refers to the 
combination of the verifier type information received 
Irom the verifier via the AV bus 107 and the claimant 
type information stored in the claimant type information 
storage unit 24 to select one claimant algorithm shown 
in a table stored in the verifier/claimant method table 
storage unit 13. Then a claimant module in the group of 
claimant modules 28 corresponding to the selected 
claimant algorithm is activated. 

When the claimant 104 receives verifier type infor- 
mation of Type 1 , the claimant method selection unit 32 
selects the public key encryption utilization algorithm 
Public_ver. 2.6 according to the combination of Type 4 
(type of the claimant 104) and Type 1 from the security 
priority table as the optimum claimant algorithm. 

On the other hand, when the claimant 104 receives 
verifier type information of Type 2, the claimant method 
selection unit 32 selects the secret key encryption utili- 
zation algorithm Secret_ver. 2.0 according to the com- 
bination of Type 4 and Type 2 from the security priority 
table as an optimum claimant algorithm. 

When the claimant 104 succeeds in proving its au- 
thenticity to the verifier 101 using the claimant module 
selected from the group of claimant modules 28, the 
claimant AV interface 31 receives the MPEG streams 
transmitted from the verifier 1 01 via the AV bus 1 07 and 
sends them to the signal processing unit 45. 

The AV decoder 44 performs predetermined 
processing to convert input video and audio signals into 
MPEG streams, and sends the MPEG streams to the 
signal processing unit 45. 

The signal processing unit 45 performs processing 
such as amplification, wave-shaping, binarization, de- 
modulation, and error correction on the MPEG streams 
sent from the AV decoder 44 or from the claimant AV 
interface 31, and outputs the processed signals to the 
drive system 46. 

The drive system 46 is equipped with a tray for a 
DVD-RAM and an optical pickup, and records the 
MPEG streams output from the signal processing unit 



45 ontothe DVD-RAM by increasing in strength of a light 
beam to change land phases on the surface of the in- 
formation layer inside the DVD-RAM. 

The verifier control unit 14 and the claimant control 
5 unit 33 are each composed of a CPU (Central Process- 
ing Unit) and a control program for executing authenti- 
cation protocols in challenge-response lormat between 
the verifier 101 and the claimant 104, Figs. 8 and 9 are 
flowcharts showing the processing of the control pro- 
io grams in the verifier control unit 1 4 and the claimant con- 
trol unit 33. The figures also show communication se- 
quences between the verifier AV interface 11 and the 
claimant AV interface 31 . 

Alter the verifier 1 01 is activated, the verifier control 
is unit 14 transmits a verifier/claimant method table 
number Nx to the claimant 104 (Step S25). Here, the 
verifier/claimant method table number Nx indicates the 
security priority table among the plurality of tables stored 
in the verifier/claimant method table storage unit 1 3. 
so After transmitting the verifier/claimant method table 
number Nx to the claimant 104, the verifier control unit 
1 4 has the verifier method selection unit 1 2 read verifier 
type inlormation Tx from the verifier type information 
storage unit 4 (Step S1), and has the verifier AV inter- 
ns face 11 transmit an authentication start signal and the 
verifier type information Tx to the claimant 104 via the 
AV bus 107 (Step S2). Accordingly, the verifier type in- 
formation Type 1 stored in the verifier type information 
storage unit 4 is transmitted. After the verifier AV inter- 
so face 11 transmits the verifier type information Tx, the 
verifier control unit 14 is set into a waiting state for re- 
ceiving claimant type information Ty (Step S3). 

After the claimant 104 is activated, the claimant 
control unit 33 is set into a waiting state for receiving the 
3S verifier/claimant method table number Nx (Step S26). 
On receiving the verifier/claimant method table number 
Nx, the claimant control unit 33 has the claimant method 
selection unit 32 read the claimant type information Ty 
from the claimant type information storage unit 24 (Step 
40 S4). The claimant control unit 33 is then set into a waiting 
state for receiving the authentication start signal and the 
verifier type information Tx from the verifier 101 (Step 
S5). On receiving the verifier type information Tx from 
the verifier AV interface 11. the claimant control unit 33 
45 has the claimant AV interface 31 transmit the claimant 
type informal ion Ty to the verifier 101 via the AVbus 107 
(Step S6). As a result, the claimant type inlormation 
Type 4 stored in the claimant type information storage 
unit 24 is transmitted to the verifier 101 via the claimant 
so AV interface 31 and the AV bus 107. 

On transmitting the claimant type inlormation Ty, the 
claimant control unit 33 has the claimant method selec- 
tion unit 32 select a claimant method Hy corresponding 
to the combination of the received verifier type informa- 
55 tion Tx and the claimant type information Ty in the se- 
curity priority table indicated by the verifier/claimant 
method table number Nx (Step S7), and activates a 
claimant module Hy corresponding to the claimant 
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method Hy (Step S13). When the activated claimant 
module Hy is either the public key encryption utilization 
algorithm Publ*ic_ver. 2.6 or Public_ver. 1 .3, the claimant 
control unit 33 chooses ■Yes" in Step S17, and proceeds 
to a waiting state for receiving challenge data CH A (Step 
S8). 

After the verifier AV interlace 11 receives the claim- 
ant type information Ty from the claimant AV interface 
31 , the verifier control unit 14 has the verifier AV inter- 
face 1 1 send the claimant type information Ty to the ver- 
ifier method selection unit 1 2, and proceeds to Step S9. 
The verifier control unit 14 has the verifier method se- 
lection unit 1 2 select a verifier method Hx corresponding 
to the combination of the verifier type information Tx and 
the received claimant type information Ty in the security 
priority table indicated by the verifier/claimant method 
table number Nx (Step S9). Since the verifier 101 and 
the claimant 104 are Type 1 and Type 4 respectively, 
the public key encryption utilization algorithm 
Pubtic_ver. 2.6 is selected by the verifier method selec- 
tion unit 12. After the public key encryption utilization 
algorithm Public_ver. 2.6 is selected, the verifier control 
unit 14 activates a verifier module Hx corresponding to 
the public key encryption utilization algorithm 
Public_ver. 2.6 (Step S10). 

On activating the verifier module Hx of the public 
key encryption utilization algorithm Public_ver. 2.6, the 
verifier control unit 14 chooses "Yes" in Step S16, and 
proceeds to Step S11 . The verifier control unit 14 gen- 
erates a 160-bit random number RND, and transmits 
this to the claimant 104 via the verifier AV interface 11 
as the challenge data CHA (Step S11). The verifier con- 
trol unit 1 4 is then set into a waiting state for receiving 
response data RES (Step S12). 

After the claimant AV interface 31 receives the chal- 
lenge data CHA, the claimant control unit 33 proceeds 
from Step S8 to Step S14. The claimant control unit 33 
has the claimant module Hy of the public key encryption 
utilization algorithm Public_ver. 2.6 encrypt the chal- 
lenge data CHA using a secret claimant key K1 to obtain 
the encrypted data E(K1 , CHA), which is then transmit- 
ted to the verifier 1 01 via the claimant AV interface 31 
as the response data RES (Step S14). 

After the verifier AV interface 11 receives the re- 
sponse data RES from the claimant 1 04, the verifier con- 
trol unit 14 proceeds to Step S15. The verifier control 
unit 14 has the verifier module Hx of the public key en- 
cryption utilization algorithm Pub1ic_ver. 2.6 decrypt the 
response data RES using a public verifier key K2 and 
compare the decryption result D(K2, RES) with the chal- 
lenge data CHA in order to judge whether the claimant 
104 is an authentic device (Step SI 5). When the com- 
parison results in a match, the verifier 101 verifies the 
authenticity of the claimant 104. On the other hand, 
when the comparison does not result in a match, the 
verifier 1 01 judges that the claimant 1 04 is not authentic. 

The authentication protocol in challenge-response 
format explained above has been performed with refer- 



ence to the security priority table, in which the public key 
encryption utilization algorithm Public_ver. 2.6 was 
used. The following is an explanation of an authentica- 
tion protocol in challenge-response format which is per-. 

s formed using the speed priority table. In the speed pri- 
ority table, the secret key encryption utilization algorithm 
Secret_ver. 2.0 is associated with the combination ol 
Type 1. and Type 4. Accordingly, a verifier module Hx ol 
the secret key encryption utilization algorithm 

jo Secret_ver, 2.0 and a claimant module Hy of the secret 
key encryption utilization algorithm Secret_ver 2.0 are 
activated in Step S10 of the verifier 101 and Step S13 
of the claimant 104, respectively. 

When the claimant module Hy of the secret key en- 

15 cryption algorithm Secret_ver. 2.0 is activated (Step 
S1 3), the claimant control unit 33 chooses "No" in Step 
St 7, and proceeds to Step S33. The claimant control 
unit 33 chooses "Yes" in Step S33, and is set into a wait- 
ing state for receiving challenge data CHA (Step S28). 

20 When the verifier module Hx of the secret key en- 
cryption utilization algorithm Secret_ver. 2.0 is activated 
(Step S10), the verifier control unit 14 chooses "No" in 
Step S16, and chooses "Yes" in Step S32 to proceed to 
Step S27. The verifier control unit 1 4 generates a 64-bit 

2S random number RND and transmits this to the claimant 
1 04 via the verifier AV interface 1 1 as the challenge data 
CHA (Step S27). The verifier control unit 14 is then set 
into a waiting state for receiving response data RES 
(Step S29). 

30 After the challenge data CHA is received by the 
claimant AV interface 31, the claimant control unit 33 
proceeds from Step S28 to Step S30. The claimant con- 
trol unit 33 has the claimant module Hy of the secret key 
encryption utilization algorithm Secret_ver. 2.0 encrypt 

35 the challenge data CHA using a secret claimant key K1 
to obtain the encrypted data E(K1, CHA), which is then 
transmitted to the verifier 101 via the claimant AV inter- 
face 31 as the response data RES (Step S30). 

After the response data RES is received by the ver- 
if ier AV interface 1 1 , the verifier control unit 1 4 proceeds 
to Step S31 . The verifier control unit 14 has the verifier 
module Hx of the secret key encryption utilization algo- 
rithm Secret_ver. 2.0 decrypt the response data RES 
using a secret verifier key K1 , and compare the decrypt- 

45 ed data D(K1 , RES) with the challenge data CHA in or- 
der to judge whether the claimant 104 is an authentic 
device (Step S31). 

The authentication protocol in challenge-response 
format explained above has been performed with reler- 

so ence to the speed priority table, in which the secret key 
encryption algorithm Secret_ver. 2.0 was used. Lastly, 
a case in which the secret key encryption utilization al- 
gorithm Secret_ver. 1 .3 is selected as an authentication 
protocol in challenge-response format is explained be- 

55 low. 

When the secret key encryption utilization algorithm 
Secret_ver. 1.3 is associated with the combination of 
Type 1 and Type 4 in a table stored in the verifier/claim- 
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ant method table slorage unit 13, a verifier module Hx 
of the secret key encryption utilization algorithm 
Secret_ver. 1.3 and a claimant module Hy of the secret 
key encryption utilization algorithm Secret_ver. 1 .3 are 
activated in Steps S10 and SI 3, respectively. 

When the claimant module Hy of the secret key en- 
cryption utilization algorithm Secret_ver. 1 . 3 is activated 
(Step S1 3), the claimant control unit 33 chooses "No" in 
Steps S1 7 and S33, before choosing "Yes" in Step S19. 
The claimant control unit 33 is then set into a waiting 
state for receiving challenge data CHA (Step S21). 

When the verifier module Hx of the secret key en- 
cryption utilization algorithm Secret_ver. 1.3 is activated 
(Step S10), the verifier control unit 14 chooses "No" in 
Steps S16 and S32, before choosing "Yes" in Step SIB. 
The verifier control unit 14 generates a 64-bit random 
number RND, and has the verifier module Hx of the se- 
cret key encryption utilization algorithm Secret_ver. 1.3 
encrypt the random number RND using a secret verifier 
key K1. The encrypted data E(K1, RND) is then trans- 
mitted to the claimant 104 via the verifier AV interlace 
11 as the challenge data CHA (Step S20). The verifier 
control unit 14 is then set into a waiting state for receiv- 
ing response data RES (Step S23). 

Afterthe claimant AV interface 31 receives the chal- 
lenge data CHA, the claimant control unit 33 proceeds 
from Step S21 to Step S22. The claimant control unit 33 
has the claimant module Hy of the secret key encryption 
utilization algorithm Secret_yer. 1.3 decrypt the chal- 
lenge data CHA using a secret claimant key K1 to obtain 
the decrypted data D(K1 , CHA), which is then transmit- 
ted to the verifier 101 via the claimant AV interface 31 
as the response data RES (Step S22). 

After the verifier AV interface 11 receives the re- 
sponse data RES from the claimant 1 04, the verifier con- 
trol unit 14 proceeds from Step S23 to Step S24. The 
verifier control unit 14 has the verifier module Hx of the 
secret key encryption utilization algorithm Secret_ver. 
1.3 compare the response data RES with the random 
number RND to judge whether the claimant 104 is an 
authentic device (Step S24). 

In the present embodiment, when there are a plu- 
rality of executable versions of verifier modules for the 
verifier and a plurality of executable versions of claimant 
modules for the claimant, a verifier module and a claim- 
ant module to be used for authentication are determined 
in accordance with the verifier and claimant type infor- 
mation, so that the authentication can be performed 
properly. Since the system is designed so that there will 
always be at least one matching method out of the ver- 
ifier methods provided in the verifier and the claimant 
methods provided in the claimant, authentication will 
definitely be possible for any combination ol verifier and 
claimant. 

The security priority table is provided to the verifier 
and the claimant, so that a most secure verifier/claimant 
module can always be selected from the plurality of ver- 
sions of verifier modules and the plurality of versions of 



claimant modules. 

In addition to the security priority table, the speed 
priority table is provided to the verifier and the claimant, 
so that a verifier/claimant module with the highest 
s processing speed can always be selected from the plu- 
rality of versions ol verifier modules and the plurality of 
versions o1 claimant modules. 

In the present embodiment, both the verifier and the 
claimant have a verifier/claimant method table storage 
io unit 1 3 which they use to select a verifier method and a 
claimant method respectively. However, the verifier/ 
claimant method table storage unit may be only provid- 
ed in either the verifier or the claimant, which may then 
be given the right to determine both the verifier method 
is and the claimant method to be used for authentication 
(the right to determine a verifier/claimant method is the 
same as the right to determine an authentication proto- 
col in challenge-response format). 

In this case, a device which has the right to deter- 
zo mine the verifier/claimant method refers to the combi- 
nation of its own type information and notified type in- 
formation of the other device to determine the verifier/ 
claimant method. The verifier and the claimant then ac- 
tivate a verifier module and a claimant module corre- 
ss sponding to the determined verifier/claimant method re- 
spectively, and execute authentication processing. 

In the present embodiment, a connector or a com- 
munication cable specified for connecting AV devices 
has been used as an example ol the communication 
30 link, although any communication link which connects 
AV devices, such as a computer bus, can be used. 

Also, while authentication protocols in challenge-re- 
sponse format have been used in the present embodi- 
ment, other authentication protocols which are not in 
35 challenge-response format may be used. Such authen- 
tication protocols include one-way authentication proto- 
cols in time sequence. In the protocols, a verifier and a 
claimant are each provided with a counter register 
whose initial value is set at "1". On receiving a request 
40 signal from the verifier, the claimant encrypts the initial 
value n 1" using a secret claimant key K1 and transmits 
the encryption result E(K1, 1) to the verifier. 

On receiving the encryption result E(K1 , 1 ), the ver- 
ifier decrypts it using a secret verifier key K1 , and com- 
45 pares the decrypted value with the initial value "1 " on its 
counter register. When two values coincide, the verifier 
increments the counter register to "2 , \ and notifies the 
claimant of authentication completion. 

On being notified of the authentication completion, 
so . the claimant also increments its counter register to "2". 
With both counter registers of the verifier and the claim- 
ant being "2 U , the above processing is repeated. 

Although the present invention has been fully de- 
scribed by way of examples with reference to the ac- 
ss companying drawings, it is to be noted that various 
changes and modifications will be apparent to those 
skilled in the art. Therefore, unless such changes and 
modifications depart 1rom the scope of the present in- 
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vention, they should be construed as being included 
therein. 



Claims 5 

1 . A communication system where a plurality of infor- 
mation devices that are capable of executing a plu- 
rality of encryption utilization protocols communi- 
cate with each other, 10 

wherein each information device comprises: 

notification means for transmitting type infor- 
mation showing a device type of a present in- 
formation device, that represents at least one 15 
encryption utilization protocol that can be exe- 
cuted by the present information device out of 
the plurality of encryption utilization protocols, 
to another information device in the communi- 
cation system with which communication is to 20 
be performed; 

determining means for determining which en- 
cryption utilization protocol is to be used in the 
communication, from a combination of the type 
information of the present information device 25 
and type information received from the other in- 
formation device with which the communication 
is to be performed; and 

communication means, equipped with at least 
one protocol correspondence communication 30 
unit that each performs communication using a 
corresponding encryption utilization protocol 
out of the encryption utilization protocols that 
are represented by the device type shown by 
the type information of the present information 35 
device, for having one of the protocol corre- 
spondence communication units perform the 
communication with the other information de- 
vice using the encryption utilization protocol de- 
termined by the determining means. *o 

2. The communication system of Claim 1, wherein 
there are n different device types, n being at least 
two, 

wherein the determining means of each infor- 45 
mation device includes: 

a table storage unit for storing at least one table 
where each combination of two device types 
selected from the n different device types is as- so 
sociated with protocol correspondence infor- 
mation that shows which of the plurality of en- 
cryption utilization protocols should be used for 
the combination; 

a type information storage unit for storing the ss 
type information showing the device type of the 
present information device out of the n different 
device types; and 



a determination unit for determining, on being 
informed of the type information of the other in- 
formation device with which the communication 
is to be performed, an encryption utilization pro- 
tocol shown by protocol correspondence infor- 
mation that is associated in the table stored in 
the table storage unit to the combination of the 
type information of the other information device 
and the type information of the present informa- 
tion device as the encryption utilization protocol 
which is to be used in the communication, 
and wherein the communication means has a 
protocol correspondence communication unit 
that corresponds to the encryption utilization 
protocol determined by the determination unit 
perform the communication using the deter- 
mined encryption utilization protocol. 

3. The communication system of Claim 2, wherein the 
plurality of encryption utilization protocols are a plu- 
rality of authentication protocols. 

wherein each protocol correspondence com- 
munication unit in one of the plurality of information 
devices in the communication system includes: 

an authentication unit for having another infor- 
mation device in the communication system 
with which communication is to be performed 
make an attempt to prove that the other infor- 
mation device is authentic using an authentica- 
tion protocol determined by the determination 
unit, and for judging from the attempt whether 
the other information device is authentic; and 
a transmission unit for transmitting data that is 
subject to protection to the other information 
device only when the authentication unit has 
judged that the other information device is au- 
thentic. 

4. The communication system of Claim 3, 

wherein the table storage unit in each informa- 
tion device stores a plurality of different tables 
in which each combination of two device types 
selected from the n different device types is as- 
sociated with protocol correspondence infor- 
mation that shows which of the plurality of au- 
thentication protocols should be used for the 
combination, 

wherein a first table out ol the plurality of differ- 
ent tables stores protocol correspondence in- 
formation that shows a most secure authenti- 
cation protocol that should be used for each 
combination of two device types selected from 
the n different device types, 
wherein a second table out of the plurality of 
different tables stores protocol correspondence 
information that shows an authentication proto- 
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col with a highest processing speed that should 
be used tor each combination of two device 
types selected f rom the n different device types, 
wherein the determining means in the informa- 
tion device further includes a selection unit for s 
selecting one out of the plurality of different ta- 
bles stored in the table storage unit with con- 
sideration to which of high security and last 
processing is desired for the communication to 
be performed and for informing the other infor- io 
mation device of the selected table, 
and wherein the determination unit in each in- 
formation device determines the authentication 
protocol to be used in the communication from 
the table selected by the selection unit, out of /5 
the plurality of different tables stored in the table 
storage unit. 

5. The communication system of Claim 4, wherein the 
plurality of authentication protocols include a plural- 20 
ity of authentication protocols in challenge-re- 
sponse format, 

wherein the plurality of authentication protocols 
in challenge-response format include authenti- 2S 
cation protocols in challenge-response format 
that use public key encryption and authentica- 
tion protocols in challenge-response format 
that use secret key encryption, 
wherein the protocol correspondence informa- 30 
tion in the first table shows the authentication 
protocols in challenge-response format that 
use the public key encryption as most secure 
authentication protocols in challenge-response 
format, 35 
wherein the protocol correspondence informa- 
tion in the second table shows the authentica- 
tion protocols in challenge-response format 
that use the secret key encryption as authenti- 
cation protocols in challenge-response format 40 
with the highest processing speed, and 
wherein the communication means in each in- 
formation device is equipped with protocol cor- 
respondence communication units which per- 
form communication based on the authentica- 45 
tion protocols in challenge-response format 
that use the public key encryption and protocol 
correspondence communication units which 
perform communication based on the authen- 
tication protocols in challenge-response format so 
that use the secret key encryption. 

6. The communication system of Claim 5, 

wherein an authentication unit in each proto- 
col correspondence communication unit which per- 5S 
forms communication based on an authentication 
protocol in challenge-response format that uses 
public key encryption in the information device com- 



prises: 

a first challenge data generation unit for gener- 
ating a random number and transmitting the 
random number to the other information device 
as challenge data; 

a first decryption unit for decrypting, on receiv- 
ing response data from the other information 
device, the response data using predetermined 
public key data; and 

a first judgement unit for judging whether the 
other information device is authentic based on 
a decryption result obtained by the decryption 
unit, 

and wherein an authentication unit in each pro- 
tocol correspondence communication unit 
which performs communication based on an 
authentication protocol in challenge-response 
format that uses secret key encryption in the 
information device comprises: 
a second challenge data generation unit lor 
generating a random number and transmitting 
the random number to the other information de- 
vice as challenge data; 

a second decryption unit for decrypting, on re- 
ceiving response data from the other informa- 
tion device, the response data using predeter- 
mined secret key data; and 
a second judgement unit for judging whether 
the other information device is authentic based 
on a decryption result obtained by the decryp- 
tion unit. 

7. The communication system of Claim 3, 

wherein the plurality of authentication protocols 
include a plurality of authentication protocols in 
challenge-response format, 
wherein the plurality of authentication protocols 
in challenge-response format include authenti- 
cation protocols in challenge-response format 
that use public key encryption and authentica- 
tion protocols in challenge-response format 
that use secret key encryption. 

8. The communication system of Claim 3, 

wherein the plurality of authentication proto- 
cols include one-way authentication protocols in 
time sequence. 
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